Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
64 commits
Select commit Hold shift + click to select a range
c3261bc
S28-3556: add method & FT for audit log display
Dec 12, 2024
b4a5d0e
S28-3556: correct audit log query
Dec 13, 2024
d274b3e
Merge branch 'master' into S28-3556
Dec 13, 2024
2f11ef1
Update Swagger v2 Spec Bump APIm revision to 94
pre-devops Dec 13, 2024
c306361
Merge branch 'master' into S28-3556
Dec 16, 2024
14bb369
S28-3556: resolve merge conflict
Dec 16, 2024
d42fab0
S28-3556: create AuditDTO.java
Dec 16, 2024
bad3267
Update Swagger v2 Spec
pre-devops Dec 16, 2024
32809e7
S28-3556: add test for AuditService
Dec 16, 2024
4b45391
Merge branch 'S28-3556' of https://github.com/hmcts/pre-api into S28-…
Dec 16, 2024
38de486
S28-3556: fix auditServiceTest
Dec 16, 2024
8aab630
S28-3556: remove unused import
Dec 16, 2024
ca67746
disable auth ONLY for audit PUT endpoint
lucas-phillips28 Dec 16, 2024
bab07e1
Merge branch 'master' into S28-3556
Dec 17, 2024
1dd69e8
S28-3556: amend AuditControllerFT to return audit logs
Dec 17, 2024
5eeac9a
Merge branch 'master' into S28-3556
Dec 17, 2024
3837221
S28-3556: fix AuditControllerFT
Dec 17, 2024
85c875a
Merge branch 'master' into S28-3556
Dec 17, 2024
99e445f
S28-3556: amend getAuditLogsSortBy() FT description
Dec 17, 2024
8aac6c4
S28-3556: add parameterized test for AuditController 403 GET endpoint…
Dec 17, 2024
6c5d63a
Merge branch 'master' into S28-3556
Dec 17, 2024
51fd0c2
S28-3556: add test for null value in AuditControllerFT
Dec 17, 2024
d598a61
Merge branch 'master' into S28-3556
Dec 17, 2024
9973022
S28-3556: reorder conditional in unauthorised requests test in AuditC…
Dec 17, 2024
4d78c5e
S28-3556: remove unused package in AuditControllerFT
Dec 17, 2024
08b4bd9
Merge branch 'master' into S28-3556
Dec 18, 2024
7753575
S28-3556: resolve checksum issues in AuditControllerFT (whitespace ch…
Dec 18, 2024
57266b9
S28-3556: reduce code repetition with AuditDTO inheritance from Creat…
Dec 18, 2024
180ba96
S28-3556: add AuditDTO test
Dec 18, 2024
a62e5c0
S28-3556: add test to AuditControllerTest
Dec 18, 2024
716fdf1
S28-3556: add test for pageable exception in AuditControllerTest
Dec 19, 2024
dfcceb1
Merge branch 'master' into S28-3556
Dec 19, 2024
6bb9014
Merge branch 'master' into S28-3556
Jan 6, 2025
8372338
Merge branch 'master' into S28-3556
Jan 6, 2025
35fff0a
Merge branch 'master' into S28-3556
Jan 7, 2025
458e3b5
S28-3556: add params in AuditController searchAuditLogs to modify pag…
Jan 7, 2025
a37d908
Update Swagger v2 Spec
pre-devops Jan 7, 2025
1495f3a
S28-3556: resolve checkstyle error w/ import ordering in AuditController
Jan 7, 2025
ebf4467
Merge branch 'S28-3556' of https://github.com/hmcts/pre-api into S28-…
Jan 7, 2025
5e244ee
S28-3556: address sonarcloud issues (remove AuditDTOTest publicness, …
Jan 7, 2025
7b1226d
Merge branch 'master' into S28-3556
pr00279 Jan 9, 2025
01e927f
Merge branch 'master' into S28-3556
Jan 20, 2025
8b173d3
Merge branch 'S28-3556' of https://github.com/hmcts/pre-api into S28-…
Jan 20, 2025
f97f01e
Merge branch 'master' into S28-3556
Jan 22, 2025
9806289
Merge branch 'master' into S28-3556
Jan 27, 2025
2d45519
S28-3556: resolve conflict
Feb 10, 2025
499331f
S28-3556: resolve conflict (replace method name in test support)
Feb 10, 2025
f09a465
Merge branch 'master' into S28-3556
pr00279 Mar 3, 2025
7923155
Merge branch 'master' into S28-3556
jasonpaige Aug 1, 2025
e182ad7
Update Swagger v2 Spec Bump APIm revision to 115
pre-devops Aug 1, 2025
369e467
unused imports
jasonpaige Aug 1, 2025
b599b06
S28 2059: Search Audits (#956)
lucas-phillips28 Aug 4, 2025
4fa56df
MockitoBean
jasonpaige Aug 4, 2025
f41a3a4
Update Swagger v2 Spec
pre-devops Aug 4, 2025
f8c8261
Merge branch 'master' into S28-3556
jasonpaige Nov 13, 2025
dd5cd9e
Bumped APIm revision to 127
pre-devops Nov 13, 2025
cda68db
Merge branch 'master' into S28-3556
oliver-scott Jun 26, 2026
5cf17b0
Fix after merge
oliver-scott Jun 26, 2026
36479b0
Update OpenAPI Spec for pre-api
pre-devops Jun 26, 2026
81e8694
Fix PMD warnings
oliver-scott Jun 26, 2026
ace1f18
Fix audit controller functional tests
oliver-scott Jun 26, 2026
c1abaa3
Merge branch 'master' into S28-3556
oliver-scott Jun 26, 2026
9b545d4
Refactor
oliver-scott Jun 26, 2026
0f35e1e
Checkstyle fixes
oliver-scott Jun 26, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
134 changes: 134 additions & 0 deletions pre-api-stg.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1255,6 +1255,52 @@ definitions:
- ERROR
type: string
type: object
EntityModelAuditDTO:
properties:
_links:
$ref: '#/definitions/Links'
activity:
description: AuditActivity
type: string
audit_details:
$ref: '#/definitions/JsonNode'
category:
description: AuditCategory
type: string
created_at:
description: AuditCreatedAt
format: date-time
type: string
created_by:
$ref: '#/definitions/BaseUserDTO'
functional_area:
description: AuditFunctionalArea
type: string
id:
description: AuditId
format: uuid
type: string
source:
description: AuditLogSource
enum:
- APPLICATION
- PORTAL
- ADMIN
- AUTO
type: string
table_name:
description: AuditTableName
type: string
table_record_id:
description: AuditTableNameRecordId
format: uuid
type: string
required:
- created_at
- created_by
- id
- source
type: object
EntityModelBookingDTO:
properties:
_links:
Expand Down Expand Up @@ -1950,6 +1996,20 @@ definitions:
format: int64
type: integer
type: object
PagedModelEntityModelAuditDTO:
properties:
_embedded:
properties:
auditDTOList:
items:
$ref: '#/definitions/EntityModelAuditDTO'
type: array
type: object
_links:
$ref: '#/definitions/Links'
page:
$ref: '#/definitions/PageMetadata'
type: object
PagedModelEntityModelBookingDTO:
properties:
_embedded:
Expand Down Expand Up @@ -2833,6 +2893,80 @@ paths:
summary: Get the latest terms and conditions for the app
tags:
- terms-and-conditions-controller
/audit:
get:
operationId: getAuditLogs
parameters:
- description: The date time to search after
format: iso-date-time
in: query
name: after
type: string
x-example: '2021-01-01T00:00:00'
- description: The date time to search before
format: iso-date-time
in: query
name: before
type: string
x-example: '2021-01-01T00:00:00'
- description: The functional area to search by
in: query
name: functionalArea
type: string
x-example: API
- description: The source to search by
enum:
- APPLICATION
- PORTAL
- ADMIN
- AUTO
in: query
name: source
type: string
- description: Partial user's name to search by
in: query
name: userName
type: string
- description: The court id of the audit to search by
format: uuid
in: query
name: courtId
type: string
x-example: 123e4567-e89b-12d3-a456-426614174000
- description: The case reference of the audit to search by
in: query
name: caseReference
type: string
x-example: CASE12345
- description: The page number of search result to return
format: int32
in: query
name: page
type: integer
x-example: 0
- description: The number of search results to return per page
format: int32
in: query
name: size
type: integer
x-example: 10
- description: The User Id of the User making the request
format: uuid
in: header
name: X-User-Id
required: false
type: string
x-example: 123e4567-e89b-12d3-a456-426614174000
produces:
- application/octet-stream
responses:
'200':
description: OK
schema:
$ref: '#/definitions/PagedModelEntityModelAuditDTO'
summary: Search all Audits
tags:
- audit-controller
'/audit/{id}':
put:
consumes:
Expand Down
2 changes: 1 addition & 1 deletion specs/pre-api.json

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,11 @@
import io.restassured.response.Response;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.EnumSource;
import org.junit.jupiter.params.provider.NullSource;
import uk.gov.hmcts.reform.preapi.controllers.params.TestingSupportRoles;
import uk.gov.hmcts.reform.preapi.dto.AuditDTO;
import uk.gov.hmcts.reform.preapi.dto.CreateAuditDTO;
import uk.gov.hmcts.reform.preapi.enums.AuditLogSource;
import uk.gov.hmcts.reform.preapi.util.FunctionalTestBase;
Expand All @@ -18,25 +22,89 @@ class AuditControllerFT extends FunctionalTestBase {
@DisplayName("Should fail to update an audit record as they are immutable")
@Test
void updateAuditFailure() throws JsonProcessingException {
var audit = new CreateAuditDTO();
audit.setId(UUID.randomUUID());
audit.setAuditDetails(OBJECT_MAPPER.readTree("{\"test\": \"test\"}"));
audit.setSource(AuditLogSource.AUTO);
var audit = createCreateAuditDTO();
TestingSupportRoles authenticatedAs = TestingSupportRoles.SUPER_USER;

var success = putAudit(audit);
var success = putAudit(audit, authenticatedAs);
assertResponseCode(success, 201);

var error = putAudit(audit);
var error = putAudit(audit, authenticatedAs);
assertResponseCode(error, 400);
assertThat(error.body().jsonPath().getString("message"))
.isEqualTo("Data is immutable and cannot be changed. Id: " + audit.getId());
}

private Response putAudit(CreateAuditDTO dto) throws JsonProcessingException {
private Response putAudit(CreateAuditDTO dto, TestingSupportRoles authenticatedAs) throws JsonProcessingException {
return doPutRequest(
AUDIT_ENDPOINT + dto.getId(),
OBJECT_MAPPER.writeValueAsString(dto),
TestingSupportRoles.SUPER_USER
authenticatedAs
);
}

@DisplayName("Should sort by created at desc")
@Test
void getAuditLogsSortBy() throws JsonProcessingException {
var audit1 = createCreateAuditDTO();
TestingSupportRoles authenticatedAs = TestingSupportRoles.SUPER_USER;

var success1 = putAudit(audit1, authenticatedAs);
assertResponseCode(success1, 201);

var audit2 = createCreateAuditDTO();

var success2 = putAudit(audit2, authenticatedAs);
assertResponseCode(success2, 201);

var getAuditLogs1 = doGetRequest("/audit", TestingSupportRoles.SUPER_USER);

assertResponseCode(getAuditLogs1, 200);
var auditLogs1 = getAuditLogs1.jsonPath().getList("_embedded.auditDTOList", AuditDTO.class);

// default sort by createdAt desc
assertThat(auditLogs1.size()).isEqualTo(20);
// get index 1, as index 0 is the GET generated by the AuditListener audit method
assertThat(auditLogs1.get(1).getId()).isEqualTo(audit2.getId());
assertThat(auditLogs1.get(2).getCreatedAt()).isAfter(auditLogs1.getLast().getCreatedAt());
}

@ParameterizedTest
@NullSource
@EnumSource(value = TestingSupportRoles.class, names = "SUPER_USER", mode = EnumSource.Mode.EXCLUDE)
@DisplayName("Unauthorised use of endpoints should return 403 (or 401 for null authorisation)")
void unauthorisedRequestsReturn403Or401(TestingSupportRoles testingSupportRole) {
var getAuditLogsResponse = doGetRequest("/audit", testingSupportRole);
if (testingSupportRole != null) {
assertResponseCode(getAuditLogsResponse, 403);
} else {
assertResponseCode(getAuditLogsResponse, 401);
}
}

@DisplayName("Should put audit successfully as anonymous user")
@Test
void putAuditSuccessfullyAsAnonymousUser() throws JsonProcessingException {
CreateAuditDTO audit = createCreateAuditDTO();

Response response = putAudit(audit, null);
assertResponseCode(response, 201);
}

@DisplayName("Should put audit successfully as authenticated user")
@Test
void putAuditSuccessfullyAsAuthenticatedUser() throws JsonProcessingException {
CreateAuditDTO audit = createCreateAuditDTO();
TestingSupportRoles authenticatedAs = TestingSupportRoles.SUPER_USER;

Response response = putAudit(audit, authenticatedAs);
assertResponseCode(response, 201);
}

private CreateAuditDTO createCreateAuditDTO() throws JsonProcessingException {
var audit = new CreateAuditDTO();
audit.setId(UUID.randomUUID());
audit.setAuditDetails(OBJECT_MAPPER.readTree("{\"test\": \"test\"}"));
audit.setSource(AuditLogSource.AUTO);
return audit;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@ public class SecurityConfig {
"/prometheus",
"/users/by-email/**",
"/reports/**",
"/audit/**",
"/b2c/**",
"/error",
"/app-terms-and-conditions/latest",
Expand All @@ -43,6 +42,10 @@ public class SecurityConfig {
"/invites",
};

public static final String[] PERMITTED_URIS_PUT_ONLY = {
"/audit/**",
};

public static final String[] PERMITTED_URIS_POST = {
"/invites/redeem",
"/batch",
Expand All @@ -66,6 +69,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
authorize
.requestMatchers(HttpMethod.GET, PERMITTED_URIS_GET_ONLY).permitAll()
.requestMatchers(HttpMethod.POST, PERMITTED_URIS_POST).permitAll()
.requestMatchers(HttpMethod.PUT, PERMITTED_URIS_PUT_ONLY).permitAll()
.requestMatchers(PERMITTED_URIS_ALL_REQUESTS).permitAll()
.anyRequest().authenticated()
)
Expand Down
Loading
Loading